FirstEnergy temporarily disables millions of accounts after hack

Usernames and passwords obtained from “stuffing” were used to try to break into FirstEnergy accounts. The company is urging customers to change their passwords.

AKRON, Ohio — If you’re a FirstEnergy customer, you may have received a notice to change your password, or worse – your account may have been disabled altogether. 

Upwards of six million customers have been affected by unauthorized logins to their account. 

The problem is repeated hacking attempts found during a routine security check of accounts by FirstEnergy.

RELATED: Here’s why FirstEnergy is making you change your account password

“People were trying to log in and were unable to. They saw a number of those,” says Alex Hamerstone of Strongsville security consulting company TrustedSec. 

FirstEnergy serves millions of customers in the Midwest and Mid-Atlantic regions, from Ohio up to New Jersey. And many customers found they were locked out of their online accounts this weekend.

“If you go on the internet, there are oftentimes lists of usernames and passwords that have been taken off other breaches or other situations, and what it looks like is someone was trying all of those usernames and password combinations on the FirstEnergy site,” says Hamerstone.

While nearly all of the hacking attempts were unsuccessful, some of them worked. The sneaky practice is called “stuffing.” Someone can easily get your username and password from one source, and then try to plug them into other accounts, like your bank or credit card, to see if they work.

SUBSCRIBE: Get the day’s top headlines sent to your inbox each weekday morning with the free 3News to GO!…